CNE End Point Requirements
CATEGORY REQ TYPE PRIORITY
This spreadsheet contains the collated CNE user requirements captured by—as the Endpoint initiative lead.
To cut down the amount of information visible select the material you want to see via the Radio Buttons and then press Go.
Requirements are divided into a number of CATEGORIES identifying the amount of INNOVATION required to satisfy the requirement.
Requirements are labelled by TYPE - referring to the primary issue associated with the requirement.
Requirements are PRIORITISED - Priority 1 being the highest (essential) and Priority 3 the lowest (nice to have).
REQUIREMENTS PLANNED DEVELOPMENT WORK
Category Type Priority Number Description Individual Tasks — with RAG status
Refine Capability 1 Cap.01 Request document / file properties and task on the basis of STARGATE (Manual authorisation tool)
the same (author/etc)
Experiment Capability 1 Cap.02 Detect internal network activity (volumes and movement of
specific data types)
Experiment Capability 1 Cap.03 Low latency presence data for use in tip-off collection
Experiment Capability 1 Cap.04 Remote indexing ROCK OPERA remote indexing
Experiment Capability 1 Cap.05 Use API type functions of operating systems like their
indexing
Experiment Capability 2 Cap.06 characterisation of unallocated or deleted space - potentially STARGATE (Daredevil remote forensics plugin)
a source of intelligence on internet-facing target machines uincey plugin
Experiment Capability 2 Cap.07 Destination IP address from messenger client packet capture
Experiment Capability 2 Cap.08 PCS - capability against mobile devices Research in CNE and ICTR
Experiment Capability 2 Cap.09 ability to list programs and applications commonly used on
the machine (pulled from Registry and program files?) - and
to monitor frequency of use
Experiment Capability 2 Cap.10 Follow/monitor movement of files / movement of users (key STARGATE (network summary plugin)
to identifying the valuable parts of a network) STARGATE (Endpoint data characterisation)
Experiment Capability 2 Cap.11 Rél’f’lMﬁlE'ﬁlaiﬁﬁﬁUSrﬁqiiarvester (with logics applied to
implant on USB to auto-retrieve data).
Refine Capability 2 Cap.12 web browsing content (html, cookies etc)
Experiment Capability 3 Cap.13 Change the registry (eg browser stain)
Experiment Capability 3 Cap.14 Collect the first line of the document text [the first 'n'
characters.
Experiment Capability Cap.15 CNA / CND profiling - Be able to search on hacking STARGATE (Endpoint data characterisation)
profile/signature so can spot attacks leaving a box. Need

Experiment Capability Cap.16 Remote hashing of files

Experiment Convergence Conv.01 Data must be of a format which enables it to be merged with STARGATE ROADMAP iteration 7-10 (corporate framework,
data from other sources / tools in any future converged native viewing, CMS, convergence)
platform. E.g. putting internet selector (TDI) related material
into passive events systems and auto-correlating activity
from a CNE implant to the same intercept collected in
passive

Experiment Convergence Conv.02 Metadata must be exportable to other relevant tools. STARGATE (Graphical query engine)

Experiment Convergence Conv.03 Geolocation information Google earth / C.O.R.E. / K.I.M STARGATE ROADMAP iteration 7-10 (corporate framework,

native viewing, CMS, convergence)

Experiment Convergence Ability to compare EndPoint data with JTRIG forensic data & CNE metadata into the CMS

Experiment Convergence Develop a fingerprint concept (includes characterisation) - STARGATE (Endpoint data characterisation)
application profiles exportable to search in XKEYSCORE STARGATE (Machine survey/summary component)

Experiment Convergence mammambmthQMQﬁmrwéetﬁﬁn traCk'ng STARGATE ROADMAP iteration 7-10 (corporate framework,
standards, shareable with other tools to enable cross native viewing, CMS, convergence)
querying across the 5-eyes.

Refine Convergence EndPoint data should send / generate metadata for the new CNE metadata into the CMS
Content Metadata Store (CMS) GOLDEN EYE 2

Experiment Convergence Enrichment of EndPoint content and metadata from other STARGATE ROADMAP iteration 7-10 (corporate framework,
tools/databases (BroadOak, UTT, JTRIG, Globalreach, native viewing, CMS, convergence)
Global Surge, THUGGEE) LOOKING GLASS

Experiment Convergence Events data containing End Point internet activity material STARGATE ROADMAP iteration 7-10 (corporate framework,
e.g. this public IP has been seen in MARINA. native viewing, CMS, convergence)

Experiment Convergence Flexibility to keep pace with tools developments, Eclipse platform/framework
compatibility with others' efforts, and accessible to e.g. ICTR
(Applied Research)

Experiment Convergence PSC tipping to EREPO / other passive collection (see STARGATE (Alerting Components)
tasking requirement)

Experiment Convergence Data feeds in & out of Endpoint: Radio values and MAC STARGATE (Machine survey/summary component)
addresses / IP addresses - take data 10, and lookup from STARGATE ROADMAP iteration 7-10 (corporate framework,

native viewing, CMS, convergence)

Experiment Convergence S STARGATE ROADMAP iteration 7-10 (corporate framework,
webmail cookie as an Active User entry/IP & Datetime in native viewing, CMS, convergence)
HAUSTORIUM/MARINA/(Via Shareown?)/MUTANT BROTH
or other corporate solutions

Experiment Convergence Conv.17 Ability to view collected items with reports that have been STARGATE ROADMAP iteration 7-10 (corporate framework,
written from them - MOONRAKER (assume this would be native viewing, CMS, convergence)
done using the source record for reports)

Refine Convergence Conv.19 Be able to launch queries in other SIGINT systems from STARGATE ROADMAP iteration 2
within EndPoint e.g. Send identified selectors to events tools LOOKING GLASS

Experiment Convergence Conv.20 Carbon Rod - show me a man in the middle between this MUGSHOT
End Point network and this website. (Vulnerability
STARGATE (Machine survey/summary component)
STARGATE (Network visualisation)
STARGATE (network summary plugin)
HIGH NOTE (CNE TD tools)
NAC Network Visualisation work
Experiment Convergence Conv.21 If the network contains wireless bridges, show me pictures of STARGATE (Network visualisation)
where that RF has been seen). Having the ability to connect NAC Network Visualisation work
Experiment Convergence Conv.24 mﬂmﬁm‘i‘dJﬁé'ﬁlﬁht Knowledge Base. Feed BROAD STARGATE ROADMAP iteration 7-10 (corporate framework,
OAK and other summarisation tools. native viewing, CMS, convergence)
STARGATE (Endpoint data characterisation)
Experiment Convergence Conv.25 Link out to (mirrored) open source resources such as Web / GOLDEN EYE 2
Wiki - look up machine / hardware info E.g. This MAC HIGH NOTE (CNE TD tools)
Experiment Convergence Conv.26 ﬁgrﬁﬁﬁifye$QIHSﬁrl9ctpl§m meFl’rllﬁ'iBﬁ'End router configs, STARGATE (Task management component)
in relation to your network - noting any outbound traceroutes HIGH NOTE (CNE TD tools)
that cross an EREPO access STARGATE (Network visualisation)
Refine Query er.01 Result summaries - users need to be able to see results and Migrate STARGATE plugins to LOOKING GLASS
refine/summarise the dataset prior to launching further STARGATE (Graphical query engine)
LOOKING GLASS
Refine Query er.02 ding Migrate STARGATE plugins to LOOKING GLASS
CNE metadata into the CMS
STARGATE (Graphical query engine)
LOOKING GLASS
Experiment Query er.03 Query using indexed values from files (indexed remotely or ROCK OPERA remote indexing
locally) with ability to apply Boolean logic, including foreign UDAQ2
Refine Query er.04 Wmtlﬂeﬁﬂﬁﬁﬁlf the CNE datastore STARGATE (Graphical query engine)
* target user
* machine/folder
* time
* most recently viewed files
Refine Query er.06 Save queries STARGATE (collaboration components)
STARGATE (Graphical query engine)
Refine Query er.07 Tag-based searching: tags are given to items that fit the STARGATE (Endpoint data characterisation)
description e.g. "yahoo", "voip" (similar to fingerprints in X-
Keyscore).
Ability to compile 'common' tag-based searches. Essential to
the knowledge sharing process and corresponding use at
scale of end point.
Experiment Query er.08 Show me what IP messaging clients have connected to,
suggests new targets. Query on peer to peer connections
Refine Query er.09 Ability to add notes to items/machines/networks/projects to STARGATE (collaboration components)
support collaboration, notes pushed up the chain. Click on a LOOKING GLASS
Experiment Query er.10 AQFﬁlﬂbﬂéhWitFﬂBr egress ('which boxes can I get >1MB STARGATE (Shopping basket full functionality)
Refine Query Import data from another source (eg 3rd party filelisting) - for GOLDEN EYE 2
example a CSV file into Eclipse
Refine Query Pull out all applications seen on a box / network STARGATE (Machine survey/summary component)
STARGATE (Endpoint data characterisation)
Experiment Query pull out all selectors seen on a box / in docs STARGATE (Summarisation)
* Telephone numbers, emails, passwords etc retrieved STARGATE (Graphical query engine)
Refine Query meﬁrgsﬂtBQ'ﬂbFQWQJHEﬁ/ﬁzﬁﬁﬂﬁ HWCTisjQBEtUSBL STARGATE (Graphical query engine)
machines / users / TDIs + latency & Tip Off STARGATE (Endpoint data characterisation)
Experiment Query Schedule queries on collected data STARGATE (Graphical query engine)
Refine Query Share queries STARGATE (collaboration components)
Experiment Query Ability to push data - i.e. 'other people found this interesting' / STARGATE (collaboration components)
'other people asked for this on this box' / 'query this to find STARGATE (Endpoint data characterisation)
Refine Query éEﬂEEtQHﬁEé’HuE-ﬁigsa" retrieved yahoo data, encryption STARGATE (Graphical query engine)
Refine Query Other users Flagged items (see knowledge sharing) and star STARGATE (collaboration components)
rating for items
Refine Query Query operations by machine types / topic (technologies / STARGATE (Endpoint data characterisation)
common properties of operations, projects or machines STARGATE (Graphical query engine)
Refine Query The ability to track the unique number assigned to a thumb
drive by computer and then correlate and map this to when
that same thumb drive is used in a different computer.
Experiment Query Volumes of activity across networks STARGATE (Network visualisation)
* which boxes are used most often STARGATE (Endpoint data characterisation)
9' WhiCh boxes d0 canal“ Til-"‘93? STARGATE (Graphical query engine)
NAC Network Visualisation work
Refine Tasking By a specific file type STARGATE
STARGATE (Endpoint data characterisation)
Refine Tasking By those most recently viewed or used STARGATE
STARGATE (Endpoint data characterisation)
Refine Tasking directory listings / file listings STARGATE
Refine Tasking images I documents as thumbnails only STARGATE (Thumbnail viewer)
STARGATE (Auto conversion of thumbnail files)
STARGATE
Experiment Tasking Inform analysts what is / is not possible on this box / network STARGATE (Machine survey/summary component)
BTC- _ _ STARGATE (network summary plugin)
:aricumem ml?“ plug "as 5:9 aVa'lab': an: haw thellI wofrk- STARGATE (Shopping basket full functionality)
the relgtgriplaoxtles can e Irectly tas e yt e anayst or ROCK OPERA remote indexing
E.g. remote indexing of a box HIGH NOTE (CNE TD tools)
* l-lrnru hm Ilrl urn imnlnnf it 
Experiment Tasking Tag-based tasking - internet activity profile (eg. usernames, STARGATE (Endpoint data characterisation)
passwords, B cookies, web browsing and more...)
Experiment Tasking Need for rules (time/volume/file types), conflict resolution, STARGATE (Task management component)
permissions EKB information
Refine Tasking Request individual files STARGATE (Manual authorisation tool)
Refine Tasking Task.11 Request network info e.g. traceroutes, ipconfig, arp - a, STARGATE (Manual authorisation tool)
PUSSible TOUTE 'Prims “atmap STARGATE (Network visualisation)
Experiment Tasking Task.13 Mission management: within the EndPoint system - on file STARGATE (Chequerboard)
request, generate metrics / stats - TPA can use LOOKING GLASS
Refine Tasking Task.14 Access to cookie content. These are powerful sigint STARGATE
enablers, carrying selector and geolocation information
amongst other stuff, so rank higher than other webbrowsing
material.
Experiment Tasking Task.15 Tasking by application e.g. "get me all Skype files" STARGATE (Endpoint data characterisation)
Experiment Tasking Task.16 Tasking by files containing a string / having particular hash STARGATE (Endpoint data characterisation)
values / image hash values
Refine Tasking Task.17 #2Tasking by files that have changed STARGATE (Endpoint data characterisation)
Experiment Tasking Task.18 Tasking by geo value - google earth, public ip profiles, STARGATE (Endpoint data characterisation)
machine identifiers. Evowed MUTANT BROTH
Experiment Tasking Task.19 Tasking by type media content collection - IM/email text, STARGATE (Endpoint data characterisation)
voice, video, eg "get me all voice files" Automated tasking
Refine Tasking Task.20 Tasking by user / author STARGATE (Endpoint data characterisation)
Refine Tasking Task.22 keylog requests - useful for passwords and the like STARGATE (key log viewer)
Refine Tasking Task.26 request pings on IP addresses to determine equipment STARGATE (Manual authorisation tool)
WDES- HIGH NOTE (CNE TD tools)
MUGSHOT
Experiment Tasking Task.28 Retrieve files based on text content- eg if the document has ROCK OPERA remote indexing
TOP SECRET in it, collect it, don't wait to be asked STARGATE (Shopping basket full functionality)
Experiment Tasking Task.29 §E$éllfg15bs STARGATE (Screenshot viewer)
STARGATE (Shopping basket full functionality)
Refine Tasking Task.30 Tasking pre-End Point (queuing up tasking before the STARGATE (Manual authorisation tool)
endpoint is ready)
Experiment Tasking Task.33 Bulk tasking - ability to apply tasking parameters to the STARGATE (Manual authorisation tool)
network/ Project 133k a “"99 SET TURBINE (mission applications)
ACNO mission management
Experiment Tasking Task.34 Effects based tasking, for certain users e.g. ability to change STARGATE (Manual authorisation tool)
registry, watermark files, or even destroy the box? New CNE Effects tool
Experiment Tasking Task.36 Task an End Point to send tipping to the EREPO system for STARGATE (Manual authorisation tool)
collection on the active IP of the box. Put a beacon on this STARGATE (Alerting Components)
Refine Viewer View.01 Aﬁﬁqu-conﬁgure every function of the viewer, so that STARGATE (Collaboration components)
settings are saveable and shareable LOOKING GLASS
Experiment Viewer View.02 ability to view content in foreign script (in the correct order) STARGATE ROADMAP iteration 8
UDAQ2
Experiment Viewer View.03 Across networks we need to be able to distinguish between: STARGATE (Network visualisation)
* a computer on a network seen but not implanted at all
* computers with first stage implants, second stage
implants

* second stage implants but not yet surveyed
HIGH NOTE (CNE TD tools)
LUNAR HORNET (Support for implant visualisation)
NAC Network Visualisation work
ICTR (3133) network mapping
Experiment Viewer View.04 Analytics to produce a summary / profile page of a machine STARGATE (Machine survey/summary component)
as a starting point for the analyst, like CIA QUINCY STARGATE (Chequerboard)
Experiment Viewer View.05 @8199?@xﬁﬂﬁlﬁﬁf'ﬁﬁtHEWmelantslmake STARGATE (Network visualisation)
recommendations (show me paths with x hops) STARGATE (Network summary plugin)
LUNAR HORNET (Support for implant visualisation)
Experiment Viewer View.06 Visualise and physically / logically map target networks STARGATE (Network summary plugin)
STARGATE (Network visualisation)
NAC Network Visualisation work
ICTR (3133) network mapping
Refine Viewer View.07 Machine properties: Domain - which domain(s) is the STARGATE (Machine survey/summary component)
machine in?
Refine Viewer View.08 Metadata for each file to include file properties (author, last STARGATE (Endpoint Data Characterisation)
modified by, dates, length, hidden, password protected, ROCK OPERA remote indexing
Refine Viewer View.09 Em WWWdWﬁ/Eeﬁﬂﬁﬁﬁﬁbn and a STARGATE (Endpoint Data Characterisation)
descriptor)
Refine Viewer View.10 Machine properties: IP (public/private) include relevant STARGATE (Machine survey/summary component)
passive access points
Experiment Viewer View.11 Model time aspects in visualisation & physical/logical STARGATE (Endpoint Data Characterisation)
mapping of target networks - ie as machines STARGATE (Network visualisation)
Refine Viewer View.12 mesméemamemrk STARGATE (Machine survey/summary component)
Experiment Viewer View.14 see applications on a box. E.g. mail clients, messenger STARGATE (Machine survey/summary component)
clients, Autocad, Google Earth, antivirus/network apps
VPN.... "what apps on what box?".
Refine Viewer View.16 Show machine properties (note not 'implant' properties). STARGATE (Machine survey/summary component)
Allow for the possibility of multiple implants on a single
machine.
Experiment Viewer View.17 Show overall Project information on Op STARGATE (Task management component)
- who the target is, requirements, why the target is being STARGATE (Machine survey/summary component)
worked. (e.g. Country/contextual stuff - CP - Dr Evil - STARGATE (project/op summary view)
“enema” N0 1) FLAME CARPET 2
- summary of progress Eclipse drill down
- summary of SIGINT parameters (casenotations/sigad)
- project lead and analysts who've registered an interest BROADOAK
LOOKING GLASS
Experiment Viewer View.21 Need for COls, need to see current status of users STARGATE (Authorisation components, incl user management)
compartments. Classification of current view.
GOLDEN EYE 2
Refine Viewer View.22 Show results of content searches with paths for content UDAQ2
location
Experiment Viewer View.23 supported ability to view/ run native versions of non plain STARGATE (registry viewer)
text material (office docs, jpegs, video etc ALSO registry STARGATE ROADMAP iteration a
data, system files, shortcuts.) FUME CUPBOARD
Experiment Viewer View.24 tasking history - an ability to see the status of all files and the STARGATE (Task management component)
user's and others' current tasking Requested / Rejected /
Accepted / Delivered, viewable over an individual
machine/project/network/SigintUser/SigintTeam/types of
task/status etc etc (ie by any property of the tasking
including time)
Experiment Viewer View.25 Visualise file structures across different machines and STARGATE ROADMAP iteration 8
browse through them. Dirwalks, file listings and other survey STARGATE (Graphical query engine)
results to be included. Subtract what's the same (or what's STARGATE (Endpoint Data characterisation)
different) STARGATE (machine survey/summary component)
Refine Viewer View.26 ability to click on email account and look at associated web STARGATE (Endpoint Data Characterisation)
browsing (algorithm to sessionise web sessions to email PASSIVE/ACTIVE convergence
accounts > user) Analytics
Refine Viewer View.28 Ability to see who has viewed the network / project / machine LOOKING GLASS
/ individual files (including self!) UDAQ2
Refine Viewer View.29 An ability to add and amend comments to the machine and LOOKING GLASS
to label it with values as above.
Refine Viewer View.30 Applications installed and versions/settings STARGATE (Machine survey/summary component)
Experiment Viewer View.31 Be able to graphically represent how a computer is STARGATE (Network visualisation)
communicating within the network, as well as outside. STARGATE (Network summary plugin)
* Which ports are they using? Converged analytics
* Are they transferring information via FTP? STARGATE (Machine survey/summary component)
Experiment Viewer View.32 STARGATE (Machine survey/summary component)
STARGATE (Endpoint Data Characterisation)
Refine Viewer View.33 click on email account to see other computers this account STARGATE (Endpoint Data Characterisation)
has been seen on in this particular network / other CNE STARGATE (Network visualisation)
Experiment Viewer View.34 Wﬁﬁé tﬂﬁrﬁﬁﬁﬁﬁks - different operations (eg NSA, STARGATE (Network visualisation)
EREPO, RUFFLE) may have access at different points of a STARGATE (Network summary plugin)
network STARGATE (Endpoint Data Characterisation)
Refine Viewer View.35 Connecting my network internal to external / CNE to Passive GLOBAL SURGE
Refine Viewer View.36 Connection Logs to the network/internet, by type as well as STARGATE (Endpoint Data Characterisation)
time for machine & target (eg POP3 logon times, dialup
connection times wifi ssids)
Refine Viewer View.37 Display address book and signature values from apps on STARGATE (E-mail visualisation)
machine (eg outlook)
Refine Viewer View.38 Display messaging activity from IM clients STARGATE (Endpoint Data Characterisation)
LOOKING GLASS
Refine Viewer View.39 Compare machines across a project/CNE - files
sent/received
Experiment Viewer View.40 find where the same values are present elsewhere (in STARGATE (Graphical query engine)
metadata/content/other accesses)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 highlight where specific application/app type files are stored STARGATE (Endpoint Data Characterisation)
(e.g. push out all Skype/Paltalk/MSN/Outlook
files/communications files)
Refine Viewer 2 Implant type, installed plugins, and potential plugins EKB information
(machine level view)
Refine Viewer 2 Latencies (traceroutes) HIGH NOTE (CNE TD tools)
STARGATE (Network visualisation)
NAC Network Visualisation work
Refine Viewer 2 list files on desktop
Refine Viewer 2 list of any identifiers found and where they were pulled from STARGATE (Machine survey/summary component)
on the machine (eg. Rasphone.pbk) STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 list of the Nethood Folder
Refine Viewer 2 list profiles/accounts on box
Refine Viewer 2 Log of implant callbacks JACKPOT
Experiment Viewer 2 model contact data (best merged with other accesses - see STARGATE (Endpoint Data Characterisation)
convergence) LOOKING GLASS
Experiment Viewer 2 model internet activity - cookie exchanges and other content STARGATE (Endpoint Data Characterisation)
as well as a metadata summary User centric view
Activity modelling
Experiment Viewer 2 Model indexing of collected files on/across machines Entity extraction
Refine Viewer 2 msinfo command properties and similar. SLIPSTREAM
Forensics Implant
Refine Viewer 2 option to view only retrieved files and their location
Experiment Viewer 2 play back/ visualise user/machine/network activity (temporal STARGATE (Network visualisation)
modelling) STARGATE (Machine survey/summary component)
LOOKING GLASS
Experiment Viewer 2 registry viewer analysis STARGATE (registry viewer)
STARGATE (Daredevil remote forensics plugin)
Refine Viewer 2 See a model of where value has been gained from similar STARGATE (collaboration components)
machines (Amazon shopping model) - Trend analysis STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 See project lead and analysts who have registered an STARGATE (Endpoint Data Characterisation)
interest. Register an interest for self/section STARGATE (Alerting Components)
Refine Viewer 2 show machines accessed from other machines STARGATE (machine survey/summary component)
Refine Viewer 2 Show where files have changed since being viewed. STARGATE (Chequerboard)
Refine Viewer 2 show where recently opened/created documents are stored STARGATE ROADMAP iteration 2
(color coding if file has changed since last accessed) STARGATE (Graphical query engine)
Refine Viewer 2 Machine properties: Type STARGATE (Machine survey/summary component)
(Desktop/router/server/switch/wireless bridge/firewall/VSAT STARGATE (Network visualisation)
modem ETC) STARGATE (Endpoint Data Characterisation)
NAC Network Visualisation work
Refine Viewer 2 user logs (who logged on when) STARGATE (machine survey/summary component)
STARGATE (Endpoint Data Characterisation)
Activity profiling
Experiment Viewer View.67 Visualise the status of CNE operations, based on information STARGATE (Chequerboard)
held within the End Point System.
Experiment Viewer View.68 ability to display 'pattern of life' based on presence data. LOOKING GLASS
'social' networks to overlay the physical and logical network.
Refine Viewer View.69 ability to synchronise data - ability to convert times on target
data to Zulu/correct time if settings on target box/network are
wrong.
Experiment Viewer View.70 Ability to view collected items that have been reported and to LOOKING GLASS
label items as reported.
Refine Viewer View.71 click on email account / Instant Messaging account to see list STARGATE (E-mail visualisation)
of buddies STARGATE (Endpoint Data Characterisation)
Refine Viewer View.72 click on email account to see list of emails received / Subject STARGATE (E-mail visualisation)
/ From: STARGATE (Endpoint Data Characterisation)
Experiment Viewer View.73 highlight files in suspicious places. eg This is supposed to be STARGATE (Machine survey/summary component)
a system file but is in the wrong place. STARGATE (Endpoint Data Characterisation)
Experiment Viewer View.74 highlight whether this is a valid ‘system‘ file. Helpful in telling STARGATE (Endpoint Data Characterisation)
analyst what is worth tasking.
Refine Viewer View.75 How access was gained (MITM, content based -with email STARGATE (Machine survey/summary component)
used, QUANTUM etc)
Refine Viewer View.76 links to glossary of CNE/TAO/other glossary, breakdown of D1.3 (support provision of STARGATE training)
plugin options and definitions LOOKING GLASS
Refine Viewer View.77 list of email accounts to passwords STARGATE (E-mail visualisation)
STARGATE (Endpoint Data Characterisation)
Refine Viewer View.78 MAC/serial numbers & Equipment description - e.g. what is STARGATE (Machine survey/summary component)
"box"? provide information on capability / what are OS
properties
Refine Viewer View.79 Radio properties of box (eg wifi or vsat modem) STARGATE (Machine survey/summary component)